CVE-2024-8932 | Zend by Perforce

php: OOB access in ldap_escape

Publication Date	2024-11-22
Severity	Critical
Type	Cross-Site Request Forgery
Affected PHP Versions	7.2.0-7.2.34 7.3.0-7.3.33 7.4.0-7.4.33 8.0.0-8.0.30 8.1.0-8.1.31 8.2.0-8.2.26 8.3.0-8.3.14
Fixed Product Versions	ZendPHP 7.2 ZendPHP 7.3 ZendPHP 7.4 ZendPHP 8.0 ZendPHP 8.1 ZendPHP 8.2 ZendPHP 8.3

CVE Details

In PHP versions 8.1.* before 8.1.31, 8.2.* before 8.2.26, 8.3.* before 8.3.14, uncontrolled long string inputs to ldap_escape() function on 32-bit systems can cause an integer overflow, resulting in an out-of-bounds write.

Recommendations

We recommend upgrading to a known patched version of PHP.

< View all CVEs